none
EventID 64 - CertificateServicesClient -AutoEnrollment

    Question

  • A certificate is about to or has expired, thats about the jist of things, i've seen this two days in a row now in the event viewer, strangely enough the thumpprint is different each day.

    Today its : 

    ObjId

    54 6f a8 8c 85 2e db fc 5b 60 7e 28 ea e0 73 71 3b c6 e8 7c

    However the GUID remains the same : F0DB7EF8-B6F3-4005-9937-FEB77B9E1B43 (not sure if that helps actually)

    Now i've naturally looked this up before i came here but i cant solve it so far.

    I've ran MMC and i've looked at every certificate list i can find, but the thumpprint.. how do recognise it? 

    Every certificate is listed as a normal name, not numbers.

    And the only certificate i suspect MIGHT be the culprit, is the new XBL certificate, that seems to want an update every single day. (so yesterday it was valid untill 21-10, today it says 22-10, which seems highly irregular to me, hence my suspicion)

    But it doesnt seem to match the thumpprint, is it literally supposed to say 54 6f etcetc? or is there another way im supposed to Uncover that?

    I'm not a complete "noob" but this is definitely new to me. :P

    Just to be clear, im on a normal windows 10 home edition thats been upgraded from creators update to, eventually, the fall update.

    Thats when the "trouble" started, and i've already asked on "microsoft answers", but they directed me here, also im Dutch, so excuse my english if i mistakenly mistranslated something, but i think you get what the issue is. 

    Edit : i've also looked in the regedit and browsed the systemcertificate folders.

    None of the folder names match the GUID or the thumpprint as far as i could tell.

    The XBL certificate i mentioned, isnt listed amongst them, so maybe thats sitting somewhere else in the regedit.

    Which to me seems more and more the culprit, also considering its only been going on the next day after the fall update, XBL services are installed since 18-10 according to apps and programs etc., 19-10 the messages started popping up when i turned on the computer. (i Always check eventviewer when i start it up, especially after big updates)

    Every other certificate i can find is either expired years ago, the "shortest" time ago seems to be stemming from 19-4-2017, but thats not the one either.

    Every other one is either listed as 2018 or well beyond.

    • Edited by AngryBear37 Saturday, October 21, 2017 7:26 AM
    Saturday, October 21, 2017 5:58 AM

All replies

  • Hi, I'm having the same problem like you. The ca certificate that you and I are having a problem with is the xbl ipsec which belongs to the Xbox live app. The problem is that is only renewing for 24 hours at a time. Hopefully the next Xbox live app update will fix it
    Saturday, October 21, 2017 7:58 PM
  • Hi, I'm having the same problem like you. The ca certificate that you and I are having a problem with is the xbl ipsec which belongs to the Xbox live app. The problem is that is only renewing for 24 hours at a time. Hopefully the next Xbox live app update will fix it

    Hi thanks for replying, 

    Yes i do believe thats the one causing the messages.

    It renews 1 day at a time, i've tried renewing it manually, but it will say something like that there is no certificate..template? not sure what the right translation would be but i think its right. :P

    So it cant "write" itself into the system or somesuch, at any rate i cant manually renew.

    I've thought about asking for a new key, but im getting into territory where im uncertain about what im doing and what the results might be lol.

    So i hope someone here has a better clue how to fix this, or else its waiting for an update.

    Sunday, October 22, 2017 7:11 AM
  • Hi, i tried renewing as new and renewing as same but I also get the same no template error message like you. I deleted the certificate and when I restarted the computer the certificate came back for only 24 hours :( I don't know what else to do, I guess a app update will fix it
    Sunday, October 22, 2017 8:16 PM
  • Hi, i tried renewing as new and renewing as same but I also get the same no template error message like you. I deleted the certificate and when I restarted the computer the certificate came back for only 24 hours :( I don't know what else to do, I guess a app update will fix it

    Well it got weirder for me, the certificate messages have disappeared when i started the computer up this morning.

    The XBL cert. still moves up 1 day at a time, so maybe that wasnt it, but doesnt explain why the messages have disappeared.

    I've seen no updates in the windows store to XBL service apps or whathaveyou.

    Untill it comes back, im kinda stumped, the only other certificate i have that might be "it", is in myaccount cert. list, under personal, but that one expired back in april, doubt thats it as eventviewer Always listed the cert under local system.

    Bit of a mystery.

    Monday, October 23, 2017 8:42 AM
  • > windows 10 home edition

    if you are running Home Edition, you can safely ignore this event. It is generated by certificate autoenrollment client which informs you about expired certificates in your certificate store. The fact that you can't find this particular certificate leads me to think that it is archived. In MMC you can enable archived certificate view (in the View menu) and try to find it there.


    Vadims Podāns, aka PowerShell CryptoGuy
    My weblog: www.sysadmins.lv
    PowerShell PKI Module: PSPKI
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell File Checksum Integrity Verifier tool.

    Monday, October 23, 2017 3:28 PM
  • > windows 10 home edition

    if you are running Home Edition, you can safely ignore this event. It is generated by certificate autoenrollment client which informs you about expired certificates in your certificate store. The fact that you can't find this particular certificate leads me to think that it is archived. In MMC you can enable archived certificate view (in the View menu) and try to find it there.


    Vadims Podāns, aka PowerShell CryptoGuy

    Cant find it in archived either and the cert. expired etc. message has come back again.

    The XBL cert. has stopped updating and remains on 24-10, might still update later today ofcourse, but its the only one i can think of that might trigger the event.

    But you tell me i can safely ignore the event so i will do that, i hope you're right. :P

    Wednesday, October 25, 2017 6:59 AM
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, October 31, 2017 2:10 AM
    Moderator
  • Hi,

    I am checking how the issue is going, if you still have any questions, please feel free to contact us.

    And if the replies as above are helpful, we would appreciate you to mark them as answers, and if you resolve it using your own solution, please share your experience and solution here. It will be greatly helpful to others who have the same question.

    Appreciate for your feedback.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact 

    Nope still going on, twice a day in the eventviewer.

    Ever since the XBL ipsec certificate stopped updating 1 day at a time, the thumpprint remained the same.

    It used to change with when it did update, so thats either one hell of a coincidence or yeh its probably that certificate causing triggering it.

    No clue how to fix it, cant renew it, cant ask for a new key as it doesnt have a certificate template.

    I could delete it, but as someone else mentioned it will probably just be 1 day into the future again.

    Theres nothing in the archives that could hint to perhaps a completely different cert. being the cause of it.

    So thats where we are now.

    On google i've come across a multitude of similar issues since the fall update.

    The GUID mentioned in the event message doesnt help, it seems very generic as it can go back all the way to vista or windows server 2008 and whatnot if i copy and paste it into google, so i dont think it actually points to anything specific.


    • Edited by AngryBear37 Tuesday, October 31, 2017 10:17 AM
    Tuesday, October 31, 2017 10:16 AM
  • Not sure if anybody reads this at all, but i finally figured out (thanks support.. geez :P) how to find a specific certificate using the thumbnail in a eventid describtion.

    After searching for it, it only came up with the XBL ipsec certificate, as i suspected.

    This is pretty much Microsofts problem making it my problem, how do i get rid of either the certificate and/or the eventid messages?

    Deleting the certificate does no good, it will pop back up the next day as far as i know.

    Saturday, November 11, 2017 3:42 PM
  • Hi,

    I am glad that the issue is figured out. And appreciate your update and sharing the method to us. We would appreciate you to mark them as answers, it will be greatly helpful to others who have the same problem.

    Thank you for your effort again.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, November 13, 2017 1:33 AM
    Moderator
  • Hi,

    I am glad that the issue is figured out. And appreciate your update and sharing the method to us. We would appreciate you to mark them as answers, it will be greatly helpful to others who have the same problem.

    Thank you for your effort again.

    Best regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact

    But its not figured out?

    I've only been able to establish which certificate is causing / triggering the Events or error messages.

    I have no idea how to solve it.. which was the whole point of this tread?

    Monday, November 13, 2017 9:00 AM
  • Yup, simply starting the XBOX app on Windows 10 currently renews that particular XBL IPsec Client cert for 24hrs only.

    Perhaps Microsoft was thinking the users daily or background runs of the app has a particular benefit to the security of the cert; however, 24hrs vice at least monthly seems a bit low. I wouldn't be surprised if the cert is generated in order to talk locally to an Xbox console on the network for internal updates between Windows and the console both for game tiles and local Xbox game streaming (not the video recordings/shares to the internet).

    Sunday, March 18, 2018 9:35 PM